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METHOD AND APPARATUS FOR SECURING system comprising a game server and one or more player 

ELECTRONIC GAMES terminals. The game server includes a random number 

generator and a first transmitting device for transmitting a 

BACKGROUND OF THE INVENTION first random number to the one or more player terminals. The 

m _ _ .5 one or more player terminals includes a random number 

The present invention relates to electronic games, and ^ ^ a ti!iIlsmiltiD dcvice for 

particularly to methods and devices for securing and ensur- a random numbcr to ^ servcr nc s tem 

ing the randomness of electronic or online games. ^ indudes haldy/!ac md proccdures for ensuring that the 

Various forms of electronic games of chance have been fi Bt ran d 0 n> number is generated independently of the 

available for many years. The way these games are played, i 0 secon d random number. 

however, is changing dramatically with the use of digital MsQ k accordance ^ ^ pur p 0S e S 0 f the invention, as 

computers operating on electronic networks such as the embodied and broadly described, the invention recites a 

Internet. Players can now connect to a remote server and method of mDtiomg aQ electronic game played in a system 

wager electronically. including a game server and one or more player terminals. 

Rather than traveling to a casino, a player can log into an 15 The method includes the steps of generating a first random 

electronic game and wager from the comforts of his own number at the game server; generating a second random 

home. While this remote playing has many advantages, it number at the player terminal; encoding the first random 

raises several security issues. For example, when playing number at the game server; encoding the second random 

card games at a casino, a player can observe the dealer number at me player terminal; transmitting a player encoded 

shuffle and deal the cards and thus has some confidence that 20 number from the player terminal to the game server; trans- 

the outcome was generated randomly. In an electronic mitring a player decoding key from the player terminal to the 

casino, the shuffling process is typically digitally generated, game server; and decoding the player encoded number at the 

driven by random number generators which the player game server to obtain the second random number, 

cannot see. The player cannot know whether the random For both the systems arid met hods of the invention, the 

number generated is truly random or was selected by the 25 invention generates a result value based on the first random 

casino to give it an advantage. number and the second random number and produces a 

Electronic game providers have tried to increase players* game result based on the result value, 

confidence in the legitimacy of games by assuring players mve ntion further includes the systems and procedures 

that gaming software has not been tampered with. For of ^ game XTVCT and ^ player terminal separately and 

example, an electronic game provider may allow an inde- ™ hardware and procedures for encoding, hashing, encrypting, 

pendent third party to perform an audit of the software. This decoding, dehashing, and decrypting the first and second 

is a time-consuming and expensive process, however. With raD dom numbers. Moreover, the systems and procedures of 

complex software running into the hundreds of thousands of ^ prescnt invention provide for authenticating players and 

lines of code, it is very difficult to find a few lines of code create aildit records 0 f game data. 

that alter the randomness of the outcomes. Also use of an 35 ^ described ab m . ^ activities sucn ^ ^ 

independent, third party auditor shifts the need for trust to which W£re d dent on me genera tion of a random 

another party, and does not guarantee the legitimacy of the Qumber by Qne v ^ {ssm ^ nQt be ^ptUtd regarding 

gamc * the true randomness of the number and the legitimacy of the 

Some electronic lottery systems have subscribed to meth- outcome dependent on the number. In the present invention, 

ods for securing communications between remote player at least two parties must participate jointly in the generation 

terminals and a central controller. U.S. Pat. No. 4,652,998 to 0 f a random number, thereby dispelling any doubt and 

Koza, for example, describes cryptographic methods for insuring the randomness of the number and any outcome 

securing these communications. In games dependent on the dependent on that number. 

use of random numbers, however, simply securing the Additional objects and advantages of the invention will be 

transmission of a fraudulent random number does not solve set forlh m part in ^ description wnicn follows, and in part 

the problems inherent m the prior art. ^ ^ obvious from the descriptiorij or may be learil ed by 

Although there are many patents which describe the practice of the invention. The objects and advantages of the 

generation of random numbers, such as U.S. Pat. No. invention will be realized and attained by means of the 

3,548,174 to Knuth, they describe only methods for improv- 5Q elements and combinations particularly pointed out in the 

ing the statistical performance of random number genera- appended claims. It is to be understood that both the 

tors. foregoing general description and the following detailed 

description are exemplary and explanatory only and are not 

SUMMARY OF THE INVENTION restrictive of the invenU^n, as clLed. 

Accordingly, the present invention is directed to systems 55 BRIEF DESCRIPTION OF THE DRAWINGS 
and methods for ensuring the randomness of random num- 
bers and authenticating the results of electronic games in a ^ accompanying drawings, which are incorporated in 
manner that substantially obviates one or more of the ™ d constitute a part of this specification, illustrate several 
problems due to limitations and disadvantages of the related embodiments of the invention and together with the general 
art. The present invention overcomes the limitations and 60 description given above and the detailed description given 
disadvantages noted above by including in an electronic below > to explain the principles of the invention, 
game system hardware and procedures to ensure that ran- FIG. 1 is a block diagram of an electronic game system in 
dom numbers used to generate game results are truly accordance with one embodiment of the present invention; 
random, independently-generated numbers. FIG. 2 is a block diagram showing one embodiment of a 

To overcome the disadvantages of the prior art, and in 65 game server; 

accordance with the present invention, as embodied and FIGS. 2A and 2B are block diagrams showing exemplary 

broadly described, the invention includes an electronic game database configurations; 
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FIG. 3 is a block diagram showing one embodiment of a and database searches. In one embodiment, game server 200 

player terminal; comprises a conventional personal computer or computer 

FIG. 4 is a flow chart illustrating a process by which a workstation with sufficient memory and processing capabil- 

player transmits a selection to a game server; to P«fcnn the d^los^ functonality. APentium micro- 

* . . . . « 5 processor such as the 100 MHZ P54C, commonly manu- 

FIG. 5 is a flow chart showing a process by which a player f ac tured by Intel Inc., may be used for CPU 205. This 

generates and encodes a random number; processor employs a 32-bit architecture. In other 

FIG. 6 is a flow chart illustrating a process by which a embodiments, game server 200 operates as a Web server, 

game server generates and encodes a random number; both transmitting and receiving communications to and from 

FIG. 7 is a flow chart illustrating a process of exchanging 10 player terminals 300. 

decoding keys between a player terminal and a game server; J Cryptographic processor 210 supports the encoding and 

n „ „ , ' .„ . r . decoding of communications with players, as well as the 

FIG. 8 is a flow chart illustrating a process of generating authen tication of players. An MC68HC16 microcontroller, 

a game result based on a combination of a first random co mm0 nly manufactured by Motorola Inc., may be used for 

number and a second random number; cryptographic processor 210. This microcontroller utilizes a 

FIG. 9 is a flow chart illustrating a process at a game 15 16-bit multiply-and-accumulate instruction in the 16 MHZ 

server of generating and transmitting a random number configuration and requires less than one second to perform 

without encoding it; a 512-bit private key operation. Other exemplary commer- 

FIG. 10 is a flow chart illustrating a process of transmit- cUUy available specialized cryptographic processors include 

ting a decoding key from a player temnnal to a game server ™ TB ^g£ * ^ 686 * ° r Comn f- 

and decoding a random number; 20 40 MHZ Roadrunner 284. Alternatively, crypto- 

& .„ graphic processor 210 may be configured as part of CPU 

FIGS. U through 13 are flow charts illustrating an exem- 205 

plary procedure for exchanging random numbers in which a Aconventional random number generating processor may 

player terminal generates a hash value of a random number; be ^ for random number generator 225. The HEMT 

FIG. 14 is a flow chart illustrating an exemplary proce- 25 integrated circuit manufactured by Fujitsu, for example, is 

dure for simultaneously exchanging random numbers capable of generating over one billion random numbers per 

between a player terminal and a game server; second. Alternatively, random number generator 225 may be 

FIG. 15 is a flow chart illustrating an exemplary proce- incorporated into CPU 205. 

dure for encoding and decoding a player communication Payment processor 230 supports the transfer and 

using a symmetric key; 30 exchange of payments, charges, or debits. Functions per- 

FTG. 16 is a flow chart illustrating an exemplary proce- formed by payment processor 230 include the preparation of 
dure for encoding and decoding a player communication on-line account statements, order-taking, credit card pay- 
using asymmetric keys; ment authorization, credit card settlement, automated sales 

FIG. 17 is a flow chart illustrating an exemplary proce- tax calculations, digital receipt generation, account-based 

dure for providing authentication and message integrity; and & purchase tracking, and payment aggregation for low-priced 

FIG. 18 is a flow chart illustrating another exemplary services ' Processing of credit card transactions by payment 

procedure for providing authentication and message integ- V™™™ 230 ma y be ^PP orted ™* commercially avail- 

- t able software, such as the Secure Webserver manufactured 

y * by Open Market, Inc. This server software transmits credit 

DETAILED DESCRIPTION OF THE 40 card numbers electronically over the Internet to servers 

INVENTION located at the Open Market headquarters where card veri- 

System Architecture fication and processing is handled. Their Integrated Com- 

FIG. 1 illustrates the basic system components of one merce Service provides back-office services necessary to run 

embodiment of the present invention. Generally, the system Web-based businesses. Payment processor 230 preferably 

comprises game server 200 and multiple player terminals 45 comprises a microprocessor (such as the Intel Pentium), but 

300, each with an associated player modem 350. Game alternatively may be configured as part of CPU 205. 

server 200 preferably is connected to the player terminal Data storage device 250 may include hard disk, magne tic, 

modems 350 via an Internet connection using the Public or o ptical storage units, as well as CD-ROM drives or fla sh 

Switched Telephone Network ("PTSN") 110. Alternatively, memory . D ata storage Tdevice 250 contains databases used in 

the connections may be provided by dedicated data lines, 50 the processing of transactions in the present invention , 

cellular, Personal Communication Systems ("PCS"), including^player database ZSjTffiyer selection data^d ata- 

microwave, satellite networks, or any other form of data base 26 f o7game result database 2T5, player random numb er 

communications path. ' database 27U, playe r d ecoding Key database 275 T au dit 

FIG. 2 illustrates the b asic hardware and data structures of d atabase ZSU, payment database 285, player account da ta- 

game server 200 in accordance with one embodiment of the 55 b ase 290, game server random number database 292, game 

present invention. Game server 200 includes central proces- server encoding key database Hi, game server decocti ng 

sor ("CPU") 205, cryptographic processor 210, random Icey database 296, and combination protocol database 298. 

access memory ("RAM") 215, read-only memory ("ROM") m a preferred embodiment, database software such as 

220, random number generator 225, payment processor 230, Oracle7, manufactured by Oracle Corporation, is used to 

clock 235, operating system 240 (typically residing in 60 create and manage these databases. 

memory as software), network interface 245, and data For illustration purposes, FIG. 2A provides a structural 

storage device 250. These elements are connected diagram of an exemplary player selection data database 260. 

appropriately, for example, by a standard system bus, so as As shown, selection data database 260 maintains data on 

to allow communications among them. selections made by a player, and includes fields for saving 

Game server 200 is preferably capable of high volume 65 player ID number 261, tracking number 262, game selected 

transaction processing, performing a significant number of 263, amount of wager 264, time of wager 266, type of wager 

mathematical calculations and processing communications 267, and a game result 268. 
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FIG. 2B illustrates another example of a database, this Finally, combination protocol database 298 stores the 

time, the game result database 265. As shown, game result protocols used to combine a player random number with a 

database 265 tracks the results associated with each set of game server random number to form a result value, 

player selection data and includes fields for the player ID Referring again to FIG. 2, network interface 245 is the 

number 261, selection data tracking number 262, game 5 gateway to communicate with players through respective 

result 268, result value 269, time of result 271, and status of P laver terminals 300. Conventional internal or external 

oavment 272 modems may serve as network interface 245. Network 

The meaning of the information in these various fields 245 preferably supports modems at a range of baud 

will become more clear in the following descriptions. The ra £? & °™ 1200 «pwnd, but may combine such inputs into 

it _ , . , • j • • -i .i a Tl or 13 line if more bandwidth is required. In a preferred 

other databases are organized in a similar manner mus 10 embodiment network inlefface 245 ] s connecte ^ l0 the 

separate .figures ;of each are not necessar) r. Player database laUm% and/of a commercial on . line service such as 

255 maintains data on players, and mcludes fields such as A^ca Online, CompuServe, or Prodigy, allowing players 

name, address, credit card number, phone number, ID acccss to gamc scrvcr 2 fj0 from a wide range of electronic 

number, social security number, electronic mail address, past connections. Several commercial electronic mail servers 

system usage, public/private key information, and game 15 include the above functionality. For example, NCD Software 

preferences. This information is preferably obtained when manufactures "Post.Oflice," a secure server-based electronic 

the player first registers with the system. Player database 255 mail software package designed to link people and infor- 

also contains the tracking number of each player selection mation over enterprise networks and the Internet. This 

data and player random number generated by a player. product is platform independent and utilizes open standards 

Player random number database 270 stores all player 20 based on Internet protocols. Users can exchange messages 

random numbers. This database is indexed by player ID and with enclosures such as files, graphics, video, and audio, 

contains fields such as player ID number, corresponding This product also supports multiple languages, 

selection data tracking number, tracking number of a cor- Alternatively, network interface 245 may be configured as a 

responding player decoding key, a player random number, voice-mail interface, web site, electronic Bulletin Board 

and the time at which the player random number was 25 System ("BBS"), or electronic-mail address, 

received by game server 200. While the above embodiment describes a single computer 

Player decoding key database 275 facilitates the decoding acting as game server 200, those skilled in the art will realize 
of the player random number, storing the keys necessary to that the functionality can be distributed over a plurality of 
decode communications from a player. For messages computers, wherein the databases and processors are housed 
encrypted using a public key encryption system such as 30 in separate units or locations. Some controllers perform the 
RSA, Data Security Inc/s player public keys will be stored primary processing functions and contain at a minimum 
in player decoding key database 275. In a symmetric key RAM, ROM, and a general processor. Each of these con- 
cryptographic system such as Data Encryption System trollers is attached to a WAN hub which serves as the 
("DES"), symmetric keys are stored. Both symmetric and primary communication link with the other controllers and 
public keys are long strings of binary digits, and are 35 terminals. The WAN hub may have minimal processing 
explained more fully below with respect to cryptographic capability itself, serving primarily as a communications 
authentication embodiments. router. Those skilled in the art will appreciate that an almost 

Audit database 280 stores transactional information relat- unlimited number of controllers may be supported, 

ing to a player and, in one embodiment, includes the time FIG. 3 illustrates the basic hardware and data st ructures of 

and date of each player log in, and the number of games 40 a player terminal in accordance with a preierrea embodi- 

played. ment oi"tne "invention. Playe rte rminal b 300 preferably 

Payment database 285 tracks all payments made by the includes central processor (6^0^305, cryptographic pro- 

players with fields such as player name, player ID number, cessor 310, RAM 315, ROM 320, random number generator 

amount of payment, and corresponding player selection data 325, video driver 327, video monitor 330, clock 335, com- 

and a game result. This database may also store credit card 45 munication port 340, input device 345, modem 350, and data 

numbers of players or bank account information. storage device 360. Biometp c^ evice 355 mav be added fog 

Player account database 290 may be established if the increased security, asliescribed below with respect to c rvp- 
player wants to keep a balance of funds at game server 200 t ographic authentication embodiments. A Pentium micro- 
for future transactions. Player account database 290 acts as processor such as the 100 MHZ P54C described above may 
a checking account, with winnings deposited and losing 50 be used for CPU 305. A conventional random number 
wagers subtracted. Alternatively, this account may be a generating processor such as the HEMT integrated circuit 
pointer to account data stored at the player's bank, storing described above may be used for random number generator 
only the name of the bank and the player's bank account 325. Alternatively, random number generator 325 may be 
number. incorporated into CPU 305. Clock 335 is a standard chip- 
Game server random number database 292 tracks all 55 based clock which can serve to time stamp transactions 
game server random numbers generated by game server 200 between player terminal 300 and game server 200. 
and, in one embodiment, includes fields such as correspond- In an exemplary embodiment, player terminal 300 is a 
ing player selection data tracking number, player name, conventional personal computer having an input device, 
player ID number, the time that game server random number such as a keyboard, mouse, or conventional voice recogni- 
was generated, and the time that the game server random 60 tion software package. Player terminal 300 would thus 
number was transmitted to the player. interface with game server 200 via modem 350. 

Game server encoding key database 294 stores all encod- Alternatively, player terminal 300 may be a voice-mail 

ing keys used by game server 200 to encode the game server system, or other electronic or voice communications system, 

random number. Devices such as fax machines or pagers are also suitable 

Game server decoding key database 296 stores all decod- 65 terminal devices, 

ing keys transmitted to player terminal 300 to decode the Modem 350 may not require high-speed data transfer if 

game server random numbers. most player selection data and player random numbers are 
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text-based and not too long. For cryptographic processor 
310, the MC68HC16 microcontroller described above may 
be used. The structure of biometric device 355 will be 
described in conjunction with the cryptographic authentica- 
tion embodiment. 

Data storage device 360 preferably comprises a conven- 
tional magnetic-based hard disk storage unit such as those 
manufactured by Conner Peripherals. Selection data data- 
base 365 records all selection data generated by a player, 
tracking games selected, type of bet, amount of wager, etc. 
Audit database 370 stores communications between player 
terminal 300 and game server 200. Encoding key database 
375 stores keys used in the process of encoding communi- 
cations transmitted to game server 200. Combination pro- 
tocol database 380 stores the protocols used by game server 
200 to combine a player random number and a game server 
random number. Game result database 385 stores all of the 
players' results, including amounts won or lost. Player 
random number database 390 stores each random number 
generated by a player. Game server random number database 
395 stores all game server random numbers received from 
game server 200. This database may also store the corre- 
sponding decoding keys in the event that a game server 
random number is encoded. 

Player terminal 300 communications are preferably soft- 
ware driven. There are many commercial software applica- 
tions that can enable the communications required by player 
terminal 300, the primary functionality being message cre- 
ation and transmission. Eudora Pro manufactured by Qual- 
comm Incorporated, for example, provides editing tools for 
the creation of messages as well as the communications 
tools to route the message to the appropriate electronic 
address. When game server 200 is configured as a Web 
server, conventional communications software, such as the 
Netscape Navigator Web browser from Netscape Commu- 
nications Corporation may also be used. The player may use 
the Netscape Navigator browser to transmit and receive 
random numbers and selections. 

Having described the system and component architecture, 
we will now consider various embodiments of the present 
invention to ensure the integrity of electronic games. 
Mutual Encoding Embodiments 

As discussed, in one embodiment of the present invention, 
communications between player terminal 300 and game 
server 200 take place via electronic networks, with game 
server 200 acting as a Web server. 

FIG. 4 illustrates a process bv which a player transmit s a 
player selecti on to a game server. Initially, a player logs on 
t o game server 2M using player modem 350 of play er 
t erminal 300, establishing a communication link at step 40 0. 
At step 410, the player selects the game that he wants to play 
By selecting from a list of possible games. T he player may, 
lor example, select a potential game from a list on a Web 
page by clicking on the appropriate icon or graphic. Games 
preferably include casino games such as blackjack, craps, 
roulette, baccarat, slot machines, lottery, poker, video poker, 
and sports betting, but may include any game in which a 
server generates a random number that must be trusted by a 
player, including raffles and prize drawings. 

After the game is selected, the player selects a type of 
wager at step 420. The type of wager is directly related to the 
game selected. The type of wager for a roulette game, for 
example, might be a bet on "even" and a single number bet 
such as "18 black/' For a game like blackjack, the type of 
wager would indicate the number of simultaneous hands the 
player intends to play. 

At step 430, the player then selects the amount of each 
wager. For example, the player might bet one hundred 
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dollars on the next blackjack hand, or may bet five dollars 
on the next pull of a slot machine. The player may elect to 
use funds from player account database 290 or may transmit 
payment information such as a credit card number along 

5 with the total amount wagered. At step 440, the player 
attaches his name or a unique player ID number to his 
selections, allowing game server 200 to authenticate the 
identity of the player. This ID number is preferably received 
from game server 200 when the player registers with the 

10 service or is chosen by the player and then registered with 
game server 200 by phone. As shown in FIG. 2A, game 
server 200 maintains a database of player ID numbers in 
player database 255 and issues (or allows) only unique 
numbers. If less security is required, the player's telephone 

15 number could serve as the ID number since it has the 
advantages of being both unique and easily remembered. If 
additional security is required, procedures such as those 
described below with respect to cryptographic authentica- 
tion embodiments may be implemented. 

20 At step 450, all of the data provided by the player is 
combined to form "selection data" which is transmitted to 
game server 200. Game server 200 then receives the player 
selection data and adds a tracking number before storing it 
in selection data database 260. 

25 Instead of a World Wide Web-based interface, players 
may also transmit the selection data via electronic-mail, 
voice-mail, or facsimile transmissions. With voice-mail, the 
player calls game server 200 and leaves selection data in 
audio form. Selection data is then transcribed into digital 

30 text at game server 200 by a conventional audio-to-text 
transcriber, not shown. As described, game server 200 
supports a plurality of transmission methods, allowing for a 
wide variety of formats of selection data. 

FIG. 5 illustrates a process by which a player generates 

35 and encodes a random number for use by the game server 
200. At step 500, the player generates a player random 
number either by selecting a number himself or prompting 
random number generator 225 of player terminal 300 to 
produce the number. Although this number is preferably 

40 random, the system works equally well with any number that 
cannot be predicted by game server 200. Random number 
generator 225 may incorporate external factors such as the 
time between keystrokes of the player, or the current posi- 
tion of a computer mouse 345. At step 510, player terminal 

45 300 stores the player random number in player random 
number database 390. At step 520, cryptographic processor 
310 encodes the player random number using an encoding 
key from encoding key database 375. Because each player 
random number preferably uses a unique encoding key, 

50 encoding key database 375 preferably contains either a large 
number of unique keys or generates new encoding keys in 
real-time. Various methods for encoding numbers are known 
in the art and need not be described here in detail. For 
reference, one of ordinary skill in the art may refer to Bruce 

55 Schneier, Applied Cryptography, Protocols, Algorithms, 
And Source Code In C, (2d Ed, John Wiley & Sons, Inc., 
1996). 

Along with an encoded player random number, the player 
appends his player ID number and the tracking number (see 

60 FIG. 2A) to the corresponding selection data so that game 
server 200 knows to which wager the player random number 
should apply. This information is then transmitted to game 
server 200 using player modem 350 at step 530. In order to 
authenticate the player's identity, game server 200 extracts 

65 the player ID number from the message containing the 
encoded player random number and looks up the player's 
identity in player database 255. If further authentication is 



06/22/2004, EAST Version: 1.4.1 



6,099, 

9 

desired, the protocols of the authentication embodiments 
discussed below may be employed. 

FIG. 6 illustrates a procedure used by game server 200 to 
generate and encode a game server random number. After 
authenticating a player, random number generator 225 of 5 
game server 200 generates a game server random number at 
step 600. At step 610, the game server random number is 
stored in game server random number database 292. At step 
620, cryptographic processor 210 of game server 200 
encodes the game server random number. As with the 10 
encoding of the player random number, cryptographic pro- 
cessor 210 preferably has access to a large supply of unique 
encoding keys or an algorithm to produce them. At step 630, 
game server 200 then transmits encoded game server ran- 
dom number to player terminal 300. It should be noted that 15 
there are a number of hardware options for the receipt of the 
encoded game server random number at player terminal 300. 

In this embodiment, the system remains secure because 
the random numbers have been generated and exchanged for 
future verification, but have not yet been decoded. As such, 20 
both parties know that the random numbers have been 
generated independently, ensuring a fair game result. 

FIG. 7 illustrates a procedure for exchanging decoding 
keys between the player terminal 300 and game server 200. 
At step 700, game server 200 (for the first time) transmits 25 
game server decoding key to player terminal 300. Like the 
encoding key used to encode the game server random 
number, the game server decoding key must be unique for 
each random number generated. At step 710, the player 
terminal 300 transmits a unique player decoding key to 30 
game server 200. In this embodiment, this exchange of 
decoding keys need not take place simultaneously since both 
parties are already in possession of each other's encoded 
random number. At step 720, game server 200 uses the 
player decoding key to decode the player random number. At 35 
this point, game server 200 now has both a player random 
number and a game server random number in decoded form 
and can use these numbers to generate a game result. The 
player need only decode the encoded game server random 
number in the event of a dispute, as described below. 40 

FIG. 8 illustrates a procedure for the game server 200 to 
generate a game result. As shown, game server 200 gener- 
ates a game result based on the game server random number 
and the decoded player random number using the combina- 
tion protocol from combination protocol database 298 (FIG. 45 
2). At step 800, the combination protocol is retrieved from 
combination protocol database 298. The combination pro- 
tocol is preferably known to both the player terminal 300 
and game server 200, is unique to the particular game 
selected, and may be published for anyone to read. The 50 
combination protocol is preferably a series of mathematical 
steps which transform the player random number and the 
game server random number into a distinct "result value." 
For example, the combination protocol developed for a 
roulette game may indicate that the player random number 55 
and the game server random number are first multiplied 
together, with the resulting number squared. The remainder, 
after dividing this resulting number by "38, " is the "result 
value." Ihe result value in this example, therefore, is an 
integer between "0" and "37, " For the roulette game, the 60 
integers between "0" and "37" are mapped with the set of 
"38" possible outcomes for the spin of a roulette wheel. 
Thus, the result value corresponds to the result of the spin of 
a roulette wheel. 

At step 810, the result value is then compared to the type 65 
of wager in the player selection data in database 260 to 
determine a game result. For example, in the roulette 
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example, a player making a bet on "fifteen-red" (see FIG. 
2A) would lose the wager if the result value were any 
number other than "fifteen-red." The game result for a loss 
might be "lose one dollar" for a one dollar wager. At step 
820, the game result is then transmitted to player terminal 
300. Payment processor 230 of game server 200 then 
decrements player account 290 by one dollar, or charges the 
player's credit card one dollar (step 830), then stores the 
game result in game result database 265, indexed by the 
player ID number (step 840). For an improved audit trail, in 
one embodiment the game result is time stamped by clock 
235 of game server 200 before being stored, or is crypto- 
graphically chained to previously stored game results. The 
corresponding player selection data stored in selection data 
database 260 is then updated to indicate that a result has 
been reached in step 850 (see e.g. the "result" column in 
FIG. 2). The player may now begin the cycle again by 
selecting another set of player selection data. 

Using the above method, a player may be confident that 
the random numbers were generated independently of one 
another, i.e. that the player random number was generated 
without knowledge of the game server random number, and 
vice-versa. For game server 200 to cheat, it would have to 
decode the player random number before generating the 
game server random number. With knowledge of the player 
random number, game server 200 could select a game server 
random number to obtain a desired result value and, hence, 
game result. Obtaining the player random number before 
generating the game server random number, however, 
requires game server 200 to decode the encoded player 
random number, which cannot be accomplished practically 
before receiving the player decoding key. If the player 
suspects that game server 200 has cheated by not properly 
incorporating the player random number, he can decode the 
game server random number using the game server decoding 
key and apply the combination protocol from the combina- 
tion protocol database 398 at the player terminal 300 to both 
random numbers, thus verifying the game result. 
Single Encoding Embodiments 

In another embodiment of the present invention, player 
terminal 300 and game server 200 again exchange random 
numbers. This embodiment, however, requires that only one 
of the parties encode its random number. The party trans- 
mitting its random number without encoding preferably 
waits until it has received the coded random number from 
the other party. This embodiment will now be discussed with 
reference to FIGS. 9 and 10. 

Referring to FIG. 9, player terminal 300 has already 
generated a player random number, encoded it, and trans- 
mitted it to game server 200 in a manner similar to that 
described for the mutual encoding embodiments. At step 
900, game server 200 generates a game server random 
number and, at step 910, stores it in game server random 
number database 292. At step 920, game server 200 trans- 
mits the game server random number to player terminal 300. 
Since no encoding takes place, however, game server 200 
does not transmit a game server decoding key. 

As shown in FIG. 10, after receiving the game server 
random number, player terminal 300 transmits a player 
decoding key to game server 200 at step 1000. At step 1010, 
game server 200 uses the player decoding key to decode the 
encoded player random number. At this point, each party is 
in possession of the other party's respective random number. 
The random numbers are then combined as described above 
to generate a game result. 

In this embodiment, player terminal 300 generates and 
transmits encoded player random number before game 



06/22/2004, EAST Version: 1.4.1 



6,05 

11 

server 200 generates and transmits the game server random 
number. Then, after receiving the game server random 
number, player terminal 300 transmits the decoding key for 
the game server 200 to decode the encoded player random 
number. In an alternative embodiment, game server 200 and 
player terminal 300 switch procedures. Specifically, game 
server 200 generates and transmits an encoded game server 
random number before player terrninal 300 generates and 
transmits the player random number. Then, after receiving 
the player random number, the game server 200 transmits 
the decoding key for the player terminal to decode the game 
server random number should the player so choose. 

Again, in these embodiments, both the player and the 
game server 200 may be confident that the player random 
number and the game server random number were devel- 
oped independently. 
Hash Value Embodiments 

In this embodiment, neither player terrninal 300 nor game 
server 200 encodes their respective random numbers. 
Instead, player terminal 300 generates a player random 
number, hashes it, sends the hash value to game server 200, 
and then receives the game server random number. The 
player terminal then transmits the player random number to 
game server 200, where it is hashed and then compared to 
the hash value previously received to determine whether it 
is the number originally generated by player terminal 300. 
Operation of this embodiment is illustrated in the flow 
diagrams of FIGS. 11-13. 

Referring to FIG. 11, player terminal 300 has already 
transmitted player selection data to game server 200 as 
described above. At step U00, player terminal 300 then 
generates a player random number as previously described. 
At step 1110, the player random number is stored in player 
random number database 390 of player terminal 300. Cryp- 
tographic processor 310 then hashes the player random 
number at step 1120, generating a hash value. This hash 
value represents a one-way transformation of the original 
player random number. While it is computationally simple to 
generate the hash value from the player random number, it 
is computationally unfeasible to re-create the player random 
number from the hash value alone. At step 1130, player 
terminal 300 transmits the hash value to game server 200. 

As shown in FIG. 12, game server 200 then generates a 
game server random number at step 1200. This number 
cannot be based on the player random number since, in this 
embodiment, game server 200 only possesses the hash value 
of the player random number. At step 1210, game server 200 
stores the game server random number in game server 
random number database 292, then, at step 1220, transmits 
the game server random number to the player terminal. 

Referring to FIG. 13, player terminal 300 receives and 
stores the game server random number at step 1300. At step 
1310, player terminal 300 then sends the unhashed player 
random number to game server 200. At step 1320, crypto- 
graphic processor of the game server 200 hashes the player 
random number, comparing the resulting hash value to the 
hash value received from player terminal 300. If the hash 
values match, then game server 200 is assured that player 
terminal 300 has not submitted an altered player random 
number. With both random numbers now in its possession, 
game server 200 then proceeds to generate a game result as 
described above. 

As with the single encoding embodiments, in one embodi- 
ment of the hash value operation, the player terminal 300 
generates and transmits a hash value of its random number 
as described above. However, in an alternative embodiment, 
the hash value of a random number may be generated by 
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game server 200, in which case, the corresponding proce- 
dures of the game server 200 and player terminal are again 
switched. 

Simultaneous Exchange Embodiments 

5 In this embodiment, player terminal 300 and game server 
200 simultaneously exchange random numbers, eliminating 
the need for any coding or hashing to ensure the indepen- 
dence of the generation of the random numbers. 
FIG. 14 illustrates a procedure for this embodiment. In 

10 FIG. 14, player terminal 300 has already transmitted player 
selection data as described above. At step 1400, player 
terminal 300 generates a player random number, then stores 
it in player random number database 390 at step 1410. At 
step 1420, game server 200 generates a game server random 

15 number and, at step 1430, stores it in game server random 
number database 292. At step 1440, the player random 
number and the game server random number are simulta- 
neously posted to an electronic bulletin board. In one 
embodiment, this is accomplished by setting a time at which 

20 the random numbers are to be posted. For example, both 
parties agree to post the random numbers at 3:00 PM, and 
incorporate this time into their respective communication 
software. At 3:00 PM, the communications software (not 
shown separately) automatically posts the random numbers. 

25 To deter cheating, the operating system of the electronic 
bulletin board could void any random number not posted 
within one tenth of a second of the agreed-upon posting 
time. This time requirement is preferably so small as to make 
the reverse calculations using a combination protocol com- 

30 putationally infeasible. 

Once the player random number and the game server 
random number have been posted, the process for this 
embodiment proceeds as described above to generate a game 
result. 

35 Multiple Player Embodiments 

The above embodiments describe protocols in which one 
player interacts with game server 200. Multiple players 
could easily be handled by treating each player individually, 
with players receiving individual game results. Five roulette 

40 players, for example, could each submit player selection 
data and receive a game result based on a different result 
value. Alternatively, players could combine their player 
random numbers and receive a game result based on a single 
communal result value. In this way game server 200 more 

45 closely parallels a physical casino in which a group of 
players face wins or losses based on the same spin of the 
wheel. 

As in the previously described embodiments, in multiple 
player embodiments, each player generates selection data 

50 describing the type of wager that they want to make. Game 
server 200 then generates a game server random number and 
encodes it using cryptographic processor 210. Each player 
terminal 300 generates a player random number and encodes 
it with its respective cryptographic processor 310. Each 

55 player terminal 300 then transmits its encoded player ran- 
dom number to game server 200. Once game server 200 has 
collected all encoded player random numbers, it transmits 
the encoded game server random number to each player 
terminal 300. After receiving the encoded game server 

60 random number, each player terminal 300 transmits its 
player decoding key to game server 200. Game server 200 
decodes each encoded player random number and uses them 
to generate a game result using the combination protocol 
from combination protocol database 298, which may store 

65 different protocols for various numbers of players, up to the 
maximum number of players allowed in a game. The game 
result is transmitted to each player terminal 300. Players can 
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verify the result value by exchanging decoded player ran- game result might therefore require seven or eight result 

dom numbers with each other and comparing them with the values, each one created through the described procedures of 

game server random number after decoding it with a game the present invention, 

server decoding key. Cryptographic Authentication Embodiments 

In another embodiment, each player terminal 300 gener- 5 In certain embodiments of the present invention, authen- 

ates player selection data and a player random number. The tication of authorship of the player selection data and player 

first player encodes his player random number and transmits random number involves checking an attached ID or name 

it to the second player. The second player concatenates his and comparing it with those stored in player database 255. 

random number with the encoded random number from the In an alternative embodiment, cryptographic protocols are 

first player, and encodes both numbers before sending them 10 added to the authentication process. These protocols 

to the third player. This process continues for each of the enhance the ability to authenticate the sender of a message 

players. The last player sends the combined player random and serve to verify the integrity of the communication itself, 

number to game server 200. Game server 200 creates a game proving that it has not been altered during transmission, 

server random number, encodes it, then transmits it to each Encryption can also prevent eavesdroppers from learning the 

player. After receiving the game server encoded random 15 contents of the communication. Such techniques shall be 

number, each player terminal 300 sends its player decoding referred to generally as cryptographic assurance methods 

key to game server 200. Cryptographic processor 210 of and include the use of both symmetric and asymmetric keys 

game server 200 decodes the combined player random as well as digital signatures and hash algorithms, 

number using these decoding keys, forms a result value, and The practice of using cryptographic protocols to ensure 

produces a game result for each player. 20 the authenticity of senders as well as the integrity of com- 

Instead of the mutually encoding embodiments described munications is well known in the art and need not be 

above, hash algorithms, single encoding, and simultaneous described here in detail. Any conventional cryptographic 

exchange procedures consistent with those described above protocols such as those described in Bruce Schneier, Applied 

may be used to facilitate the interaction of multiple players. Cryptography, Protocols, Algorithms, And Source Code In 

Single Event Versus Multiple Event Embodiments 25 C, (2d Ed, John Wiley & Sons, Inc., 1996), could be used in 

Outcomes for gambling games are determined by either a accordance with the present invention and would be 

single event or a multiple event. Roulette and slots are good executed by cryptographic processor 210. 

examples of single event games as a single outcome deter- FIG. 15 illustrates a symmetric key embodiment in which 

mines the game result. One spin of the roulette wheel player terminal 300 and game server 200 share a key. Thus, 

completely resolves all bets placed on that spin. The result 30 both encryption and decryption of the player selection data 

of a slot machine wager requires a single handle pull to and player random number (also referred to separately or 

determine whether the player wins or loses. In these single together as a player communication) are performed with the 

event games, a result value is easily compared to player same key. This encryption may be implemented with an 

selection data to determine a game result. algorithm such as DES (U.S. Government standard, speci- 

In multiple event games, however, a game result may be 35 tied in FTPS PUB 46), or with any of several algorithms 

based on multiple result values. Blackjack is one example of known in the art such as IDEA, Blowfish, RC4, RC2, 

a multiple event game. Whether a player wins a hand SAFER, etc. 

depends on the player's cards and the dealer's cards. Gen- Initially, a player encrypts his communication with his 
erating a single result value to represent one card is not assigned symmetric key at step 1500, using cryptographic 
enough. Instead, in one embodiment of the invention, a 40 processor 310 of player terminal 300. The key may be stored 
result value represents the complete sequence of fifty-two in encoding key database 375 or otherwise stored or memo- 
cards. Once the card sequence is defined based on the player rized by the player. The player communication is then 
random number and the game server random number, the transmitted to cryptographic processor 210 of game server 
cards can be dealt. 200 at step 1510. Cryptographic processor 210 extracts the 

For example, after generating an encoded player random 45 player ID from the player communication (step 1520), looks 

number and transmitting it to game server 200, player up the symmetric key of the player in player database 255 

terminal 300 receives the encoded game server random (step 1530), and decrypts the player communication with 

number. Player terminal 300 then transmits a decoding key this key (step 1540). Game server encoding key database 

to game server 200 which generates the result value repre- 294 contains algorithms and keys for encrypting, decrypting, 

senting the complete sequence of cards in the deck. Before 50 and/or authenticating communications. At step 1550, the 

sending a game server decoding key to player terminal 300, cryptographic processor 210 determines if the resulting 

game server 200 sends the player card values representing a communication is intelligible. If so, then the communication 

hand of cards dealt from the sequence of cards generated by must have been encrypted by the same key, authenticating 

the result value. If he desires, the player then selects to draw that the player must have indeed been the author of the 

additional cards for his blackjack hand, again, from the 55 message. It will be understood that these cryptographic 

defined sequence of cards. Once the hand is selected, game techniques are employed to protect the security of the 

server 200 transmits a game server decoding key to player communications, in addition to the appropriate random 

terminal 300. It is important that the player not receive this number encryption technique described above, 

key before making his selection to draw additional cards, This procedure makes it difficult for an unauthorized 

since decoding the game server encoded random number 60 player to represent himself as a legitimate player. Without 

would allow the payer to know the complete sequence of cryptographic procedures, an unauthorized player who 

cards. obtained a sample communication from a legitimate player 

Another method for handling blackjack games is to gen- might be able to extract the player ID and then attach this ID 

erate a result value for each card dealt. After making his bet number to unauthorized communications. When player 

(by establishing player selection data) the player generates a 65 communications are encrypted with a symmetric key, 

series of player random numbers, exchanging them with however, an unauthorized player obtaining a sample player 

game server 200 for each card required in the hand. The communication only discovers the player's ID number, not 
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the symmetric key. Without this key, the unauthorized player they are useless if the player's cryptographic keys are 

cannot create a player communication that will fool game compromised. An unauthorized player who obtains the 

server 200, since he cannot encrypt his communication in symmetric key of another player is indistinguishable from 

the same way that the authorized player could. The sym- that player in the eyes of game server 200. There is no way 

metric key protocol also ensures that the player communi- 5 to know whether the player was the true author of the 

cation has not been tampered with during transmission, communication, or an unauthorized player with the right 

since alteration of the communication requires knowledge of cryptographic keys . In one embodiment, biometric devic e 

the symmetric key. An encrypted player communication also 3 55 (FIG. 3) such aVa fingerprint reader, voice recognitio n 

provides the player with more anonymity. s ystem, retinal scanner, or ,ui<Li} Kg help to solve this prob - 

FIG. 16 illustrates an asymmetric key protocol in which lem. A biometnc de vi ce incorporates a ph ysical attribute of 

a player communication is encrypted with a private key and the_ player uuo a co mmunication, which' is then com pared 

decrypted with a public key. Two such algorithms for w ltE the Value stored in player database Z55 at game server 

asymmetric key protocols are the RSA algorithm and the 200. ~ " ~" 

Digital Signature Algorithm ("DSA"). At step 1600, player Fingerprint verification, for example, may be execut ed 

terminal 300 encrypts the player communication with the b eforelhe creation of a communication, durmg tne gene ra- 

player's private key using cryptographic processor 310. 15 tio^ nt a communication in response to prompts rrdntgam e 

Player terminal 300 then transmits the player communica- s erver 200. at some predetermined or random tune, o r 

tion to game server 200 at step 1610. Cryptographic pro- co ntinuously bv incorporating tbe scanning lens into playe r 

cessor 210 at game server 200 then extracts the player ID at te rminal 300 and requiring the player to maintain a finger on 

step 1620, looks up the player's associated public key in tl ie scanning lens at all times tor continuous venn.can.o n 

player database 255 at step 1630, and decrypts the commu- 20 while the communication is generated. ~* 

nication with this public key at step 1640. As before, if the An example of such a biometric device is the FClOO 

player communication is intelligible then game server 200 F INGERPRINT VERIFIER a vailable from Startek, a Tai- 

has authenticated the player at step 1650. Again, unautho- wanese company. T he FClOO is readily adaptable to any F C 

rized players obtaining the player communication before it via an interface card. The fingerprint verifier utilize s an 

is received by game server 200 are not able to undetectably 25 o ptical scanning lens. Ihe player places a linger on the le ns, 

alter it since they do not know the private key of the player. a nd the resulting image is scanned and digitized, and th e 

Unauthorized players might, however, be able to read the d ata compressed and stored in memopy. Typically, a 256 byte 

message if they managed to obtain the public key of the file is all that is required. Each live-scan fingerprint is 

player. Communication secrecy is obtained if the player compared against the previously enrolled/stored template, 

encrypts the player communication with his public key, 30 stored in data storage device 360. If the prints do not match , 

requiring the unauthorized player to know the player's the cryptographic algorithms executed by cryptograp hic 

private key to view the player communication. pr ocessor 31U may prevent the player from generating a 

FIG. 17 shows a cryptographic technique using digital communication.^ 

signatures to provide authentication and message integrity. L ln a volCe vermcation embodiment, the player's voice is 

One such algorithm is DSA. As in the asymmetric protocol 35 used to verify his identity. This embodiment has the advan- 

described above, each player has an associated public and tage of not requiring the use of any specialized hardware 

private key. The player signs his communication with his since it can be implemented over a standard phone connec- 

private key at step 1700 with cryptographic processor 310 tion. The player's identity is verified at game server 200. The 

and transmits it to game server 200 at step 1710. At game process of obtaining a voice-print and subsequently using it 

server 200, cryptographic processor 210 extracts the player 40 to verify a person's identity is well-known in the art, and 

ID at step 1720 and looks up the player's public key at step therefore need not be described in detail. Conventional 

1730, verifying the signature using the communication and speaker identification software samples the player's voice, 

the public key of the player at step 1740. If the communi- This sample is stored at game server 200 in player database 

cation is intelligible, then game server 200 accepts the 255. Each time the player wants to transmit a communica- 

communication as authentic at step 1750. 45 tion to game server 200, he is required to call game server 

Referring now to FIG. 18, there is illustrated a crypto- 200 and speak into the phone at the prompt for a voice 

graphic technique using message authentication codes for sample. If this sample matches that stored in player database 

verifying the authenticity and integrity of a player commu- 255, the player is provided a password which is incorporated 

nication. In the hash protocol of the present invention, player into the digital signature appended to his communication, 

terminal 300 and game server 200 share a symmetric key, 50 Any communication received without an appropriate voice 

which the player includes in a hash of the communication at match password is not accepted. The voice-print may also be 

step 1800. In the hash protocol, a one-way function is stored in a database within data storage device 360 of player 

applied to the digital representation of the communication. terminal 300, to verify the player's identity locally prior to 

Any of the MAC algorithms, such as RIPE-MAC, IBC- allowing his communication to be created. 

Hash, CBC-MAC, and the like may be applied in this 55 Anonymous Transactions Embodiments 

application. After transmitting the communication to game As mentioned previously, the present invention allows for 

server 200 at step 1810, cryptographic processor 210 of the anonymity of players. Such anonymity is accomplished 

game server 200 extracts player ID from the player com- by eliminating all references to the names of the players for 

munication at step 1820. Then cryptographic processor 210 all communications. A player, for example, would include 

looks up the player's symmetric key at step 1830 and hashes 60 his ID in the player selection data, rather than his name, 

the communication with the symmetric key at step 1840, preventing eavesdroppers from discovering the player's 

comparing the resulting hash value with the hash value identity. To prevent detection of a player's ID stored in 

attached to the communication. If the values match at step player database 255, the ID numbers are preferably 

1850, the integrity of the communication is verified along encrypted with the public key of game server 200. 

with the authenticity of the player 65 As an additional protection of identity, the player may 

Although cryptographic techniques can provide greater communicate with game server 200 through conventional 

confidence in the authenticity of player communications, anonymous remailers found on the Internet. 
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Payment Embodiments 4. An electronic game server according to claim 1, further 

While the invention can be implemented without provi- comprising: 

sions for payment features, there are many methods by means at said player terminal for encrypting said first 

which the providers of the foregoing systems could derive a random number or other player selection data using a 

revenue stream. In one embodiment, a flat fee is charged for 5 first encryption key; 

every set of player selection data submitted. In other a database at said game server storing at least one decryp- 

embodiments, flat fees would cover any number of sets of tion key corresponding to said first encryption key; and 

player selection data over a given period of time allowing ^ & ^ seryer fof d tin said first random 

players to subscribe to the service much as they would numbef Qr ^ ^ ^ selection ^ using said at 

subscribe to a newspaper. In another embodiment, advertis- 10 least Qne decryption k ey 

ers pay to have messages listed along with the Web pages for 5 ^ electronic game server accordmg to claim 1, further 

the player selection data, supplementing the costs of oper- comprising 1 

3t While Ehas been illustrated and described what are at said P la y er ***** for encrypting said first 

r . , ,. . j random number or other player selection data using a 

present considered to be preferred embodiments and meth- 15 . . *\ J 49 

ods of the present invention, it will be understood by those P nvate ™ c W*on key; and 

skilled in the art that various changes and modifications may means at said S ame server for decrypting said first random 

be made, and equivalents may be substituted for elements numbcr or Slld othcr P la y er sdcction data using a 

thereof without departing from the true scope of the inven- ^ P ublic decryption key. 

^ on 2Q 6. An electromc game system as defined in claim 1, 

In addition, many modifications may be made to adapt a wherein said onc or more P laver terminals further include 

particular element, technique or implementation to the encoding means for encodmg said first random number; and 

teachings of the present invention without departing from wherein ™ id S 8 ™ scrver ^er includes decoding means 

the central scope of the invention. Therefore, it is intended for decoding said encoded first random number, 

that this invention not be limited to the particular embodi- 25 ^. An electronic game system according to claim 6 said 

ments and methods disclosed herein, but that the invention P lavcr terminal further comprising: 

include all embodiments falling within the scope of the means for generating a decoding key; and 

appended claims. means for transmitting said encoded first random number 

What is claimed is: to said game server before receiving said second ran- 

1. An electronic game system comprising a game server 30 dom number from said game server and for transmit- 
and one or more player terminals, ting said decoding key to said game server after receiv- 

whercin said one or more player terminals include: ing said second random number from said game server, 

a first random number generator; and 8. An electronic game system as defined in claim 1, 

first transmitting means for transmitting said first ran- wherein said game server further includes encoding means 

dom number to said game server at substantially the 35 for encoding said second random number, 

same time as a second random number is received; 9. An electronic game system as denned in claim 8, 

and wherein said one or more player terminals further include: 

wherein said game server includes: decoding means for decoding said encoded second ran- 

a second random number generator; and dom number. 

second transmitting means for transmitting said second 40 10. An electronic game system according to claim 8, said 

random number to said one or more player terminals game server further comprising: 

at substantially the same time as said first random means for generating a decoding key; and 

number is received, means for transmitting said encoded second random num- 

said system including means for generating a game result ber to said player terminal before receiving said first 

based on said first random number and said second random number from said player terminal and for 

random number. transmitting said decoding key to said player terminal 

2. An electronic game system according to claim 1, after receiving said first random number from said 
wherein said player terminal further comprises: player terminal. 

means for generating a hash value of said first random 5Q 11. An electronic game system according to claim 9, 

number; further comprising: 

means for transmitting said hash value to said game server means for exchanging decoding keys between said game 

before receiving said second random number from said server and said player terminal to decode said second 

game server; and random number, 

means for transmitting said first random number to said 5S 12. In an electronic game environment having a game 

game server after receiving said second random num- server and a player terminal, a method of controlling an 

ber from said game server. electronic game, comprising the steps of: 

3. An electronic game server according to claim 1, generating a first random number at said player terminal; 
wherein said game server further comprises: generating a second random number at said game server; 

means for generating a hash value of said second random 60 and 

number; transmitting said first random number to said game server 

means for transmitting said hash value to said player and transmitting said second random number to said 

terminal before receiving said first random number player terminal at substantially the same time. 

from said player terminal; and 13. A method according to claim 12, further comprising 

means for transmitting said second random number to 65 the step of: 

said player terminal after receiving said first random posting said first and second random numbers to an 

number from said player terminal. electronic network. 
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14. A method of according to claim 13, further comprising 
the step of: 

attesting to the veracity of said posted numbers by a third 
party. 

15. A method according to claim 13, further comprising 
the steps of: 

transmitting player identifying information to said game 
server, and 

authenticating at said game server said player identifying 
information. 

16. A method according to claim 15, further comprising 
the step of: 

creating an audit record including said player identifying 
information, said first random number, said second 
random number, and a game result. 

17. A method according to claim 16, further comprising 
the step of: 

storing said audit record at a Location separate from said 
game server. 

18. In a game server for an electronic game environment 
having a game server and a player terminal, a method of 
controlling an electronic game, comprising the steps of: 

generating a first random number; 
receiving a second random number from said player 
terminal; and 

transmitting said first random number to said player 
terminal at substantially the same time that said second 
random number is received from said player terminal. 

19. The method of claim 18, further comprising: 
generating a game result based on said first number and 

said second number. 

20. The method of claim 18, further comprising: 
transmitting said game result to said player terminal. 

21. In a player terminal of an electronic game environ- 
ment having a game server and a player terminal, a method 
of obtaining a game result, comprising the steps of: 

generating a first random number; 
receiving a second random number from said game 
server; 

transmitting said first random number to said game server 
at substantially the same time that said second random 
number is received from said game server; and 

receiving a game result from said game server, said game 
result being based on said first and second random 
numbers. 

22. A device to control an electronic game for use in a 
game server for an electronic game environment having a 
game server and a player terminal, comprising: 

a processor; and 
a storage device coupled to said processor and storing 

instructions adapted to be executed by said processor 

to: 

generate a first random number; 

receive a second random number from said player 55 
terminal; and 

transmit said first random number to said player ter- 
minal at substantially the same time that said second 
random number is received from said player termi- 
nal. 
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23. The method of claim 22, said storage device further 
storing instructions adapted to be executed by said processor 
to generate a game result based on said first number and said 
second number. 

24. The method of claim 22, said storage device further 
storing instructions adapted to be executed by said processor 
to transmit said game result to said player terminal. 

25. A medium storing instructions adapted to be executed 
by a processor to perform a method of controlling an 
electronic game for use in a game server for an electronic 
game environment having a game server and a player 
terminal, said method comprising: 

generating a first random number; 
receiving a second random number from said player 
terminal; and 

transmitting said first random number to said player 
terminal at substantially the same time that said second 
random number is received from said player terminal. 

26. The medium of claim 25, wherein said method further 
comprises: 

generating a game result based on said first number and 
said second number. 

27. The medium of claim 25, wherein said method further 
comprises: 

transmitting said game result to said player terminal. 

28. A device to obtain a game result for use in a player 
terminal of an electronic game environment having a game 
server and a player terminal, comprising: 

a processor; and 

a storage device coupled to said processor and storing 
instructions adapted to be executed by said processor 
to: 

generate a first random number; 
receive a second random number from said game 
server; 

transmit said first random number to said game server 
at substantially the same time that said second ran- 
dom number is received from said game server; and 

receive a game result from said game server, said game 
result being based on said first and second random 
numbers. 

29. A medium storing instructions adapted to be executed 
by a processor to perform a method of obtaining a game 
result for use in a player terminal of an electronic game 
environment having a game server and a player terminal, 
said method comprising: 

generating a first random number; 
receiving a second random number from said game 
server; 

transmitting said first random number to said game server 
at substantially the same time that said second random 
number is received from said game server; and 

receiving a game result from said game server, said game 
result being based on said first and second random 
numbers. 
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